Security White Hat Hook Up – The Future of Software Security



  • in the Software Industry

    Event Co-Hosts

    ITAA, Nasdaq

    Program Overview

    NASDAQ, ITAA and SDForum are hosting this half-day breakfast seminar as a convocation of local “white hats” from the software industry to learn and affirm. Come and affirm to press and analysts that you and your software or consulting company are on top of quality issues voluntarily, without government intervention. Live audience polls will measure developer adoption of security / quality tools and techniques. Come and benchmark yourself and your software engineering team against best practices.

    Learn more about how to prevent, reduce and remediate vulnerabilities in packaged and custom software. Hook up with our confirmed expert security panelists from Microsoft, Internet Security Systems, The Center for Internet Security, Cenzic, Virtusa, and Fortify Software. (Invited: Borland, Coverity, Parasoft.) Learn about possible product and personnel certifications and credentialing that could regulate software R&D and outsourcing practices if the industry isn’t seen as responding to public perceptions of negligence. Media stories about worms, spyware, viruses, denial of service and identity theft often blame the exploit on a vulnerability in a piece of commercial or open source software. Come to this seminar; help set the record straight – the software industry wears the white hats. Along with the press, you’ll receive post-seminar proceeding papers.


    8:00am - 8:30am Breakfast and at-the-door registration

    Moderator: Jeff Lande, SVP Software and IT Services, ITAA
    Introduction to Today's Program and Speakers

    8:30 - 9:15 Panel One - A Secure IT Environment - A joint Software Industry-User Responsibility

    Dave Ostrowski, Director of Security, Internet Security Systems
    Ten Best Practices for Defense in Depth

    Clint Kreitner, President/CEO, The Center for Internet Security
    Better Out-of-the-Box Software Configuration:
    A Joint Vendor-User Responsibility
    Audience Q&A

    9:15 - 10:15 Panel Two - Face Off – Software Industry Voluntary Best Practices vs. Government Intervention

    Joe Jarzombek, Director for Software Assurance,
    Department of Homeland Security
    Goals of the DHS Software Assurance Program; The Build Security In Initiative; Secure Software for National Security and Critical Infrastructure Protection

    Joe Tasker, Senior VP Government Affairs, ITAA
    Impact of Proposed Government Software Product
    Certifications & Credentialing Rules
    Audience Q&A

    10:30 – 12:00 Panel Three – Secure Software Engineering: People, Processes, Tools, Techniques

    Steve Lipner, Director Security Engineering Strategy, Microsoft
    Author with Michael Howard of The Security Development Lifecycle, Microsoft Press
    The Security Development Lifecycle and the Relationship of Security Engineering Processes to the Common Criteria

    Brian Chess, Founder & Chief Scientist, Fortify Software
    Preventing Vulnerabilities with Source Code Analysis

    Mark Borges, VP Information Technology, Virtusa Corporation
    Reducing the IT Risks of Off-Shoring Software Development Projects

    John Weinschenk, CEO & President, Cenzic
    Web Application Vulnerability Remediation
    Audience Q&A

    Event Logistics


    Network Meeting Center
    5201 Great America Parkway
    Santa Clara, CA 95054

    No Charge to Attend


    Cenzic, Internet Security Systems
    Virtusa Corporation